Releases105
Frequency1 month 4 weeks
Last Release
Lightweight pipelining with Python functions
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| = 1.4.2 | 7.5 HIGH | — | ||
joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). NOTE: this is disputed by the supplier because NumpyArrayWrapper is only used during caching of trusted content. | ||||
| = *, < 1.1.1 | 7.3 HIGH | — | ||
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. | ||||